| Problem Description |
A number of vulnerabilities were found in the Cacti program, including
XSS vulnerabilities, SQL injection vulnerabilities, CRLF injection
vulnerabilities, and information disclosure vulnerabilities.
This update provides Cacti 0.8.6k which corrects these issues.
| Updated Packages |
Corporate Server 4.0
65edabbdda4368515b5746d87bdaf63c corporate/4.0/i586/cacti-0.8.6k-0.0.20060mlcs4.noarch.rpm
662fc62ff87a7fe6620a50aaca25b162 corporate/4.0/SRPMS/cacti-0.8.6k-0.0.20060mlcs4.src.rpm
Corporate Server 4.0/X86_64
30aedd43c1df197e74085d8741d3af5b corporate/4.0/x86_64/cacti-0.8.6k-0.0.20060mlcs4.noarch.rpm
662fc62ff87a7fe6620a50aaca25b162 corporate/4.0/SRPMS/cacti-0.8.6k-0.0.20060mlcs4.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0786
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the MD5 checksum and GPG signature are verified automatically for you.
